CVE-2024-40955

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A slab-out-of-bounds issue has been resolved in the Linux kernel, specifically in the ext4 file system. This issue can be triggered by setting an oversized value for s mb group prealloc via sysfs, causing the kernel to attempt to access an element outside the bounds of the s mb avg fragment size list. The issue is triggered by the following sequence of events: setting s mb group prealloc to a large value, creating a new file, and syncing the file system. The kernel's KASAN (Kernel Address Sanitizer) detects the slab-out-of-bounds access and reports the issue. To fix the issue, a new attribute attr clusters in group is introduced, and mb group prealloc is declared as this type, ensuring that its values are within the valid range.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.